I host a small website with a well-known VPS service. They provided me with one IPv4 address upon registering and said additional addresses would require justification. I requested one additional IPv4 address so as to have one for a production environment and one for a testing/QA environment. They said this was unnecessary as I could just use alternative TCP ports for the test environment.

I can live with using a non-standard port for non-production hosting, but it got me thinking, what would be valid justification? (I asked them and they didn't want to answer). Is there an industry standard for what counts as "valid" justification for additional IPv4 addresses?

5 Answers

With the IPv4 shortage globally, waste in the IPv4 space is not wanted, so 'any' reason really is not the case any more.

Generally speaking, anything that you can't use NAT or ports for without a load of hassle or impractical amounts of work is valid. SSL is the main justification these days; however, that will change soon with new methods, and a lot of hosts will check you really are using it for this by asking you what the domain is going to be and checking it within 14 days.

They don't want to answer not because they don't want to tell you, but, sadly, so many people waste them that they don't want people giving stock answers just to get IPs without discussion.

If you need an IP for a production site/service and it really does need a dedicated external IP, then giving them an explanation as to why would constitute a valid reason.

If the host does not own its own IP space issued through RIPE/ARIN, then it is also possible they are leasing them from the data centre, in which case the host will also have a hard limit on how many IPs they can assign to a physical server. So if they sell you an IP for $2 p/month, then that is an IP they cannot use for another virtual server that they could charge a bit more for, so they really want to make sure it is not going to be wasted.

Just about any reason would be considered "valid". Typically, unless you have wildcard or multihost certs, SSL is 1:1 IP addr to HTTPS site, so you can say you just got 10 different HTTPS customers.

It can also be a proprietary reason, such as: my super secret code/app must run on its own IP, so that I can iptables deny everything except udp/5998.

Interestingly enough, I have seen VPS service providers give 2 IPs so that customers can run BIND named, but both IPs are on the same VLAN/network, which goes against DNS authoritative RFC requirements.

There is a bit of an IP shortage, as massive /16's were just handed out like candy many years ago... so if you request a /20, and say it's cuz you have a few HTTPS customers, you will rightly be denied.

This can really depend on your provider, what services you have with that provider, and how much you're paying for it.

From my experience, if you're dropping several grand a month on services, you can get additional address space without a quarrel. You still have to fill out the paperwork but nobody cares how you use the IPs.

With other providers, they will charge a fee for additional IPs. If you agree to pay what they ask for the address space, you can usually justify it however you want. To be clear, you still have to provide documentation on what you will 'allegedly' use the IPs for - but I've never had a provider bother to go and check that it's really true.

If you're trying to get the IPs for free or you've got a hard-nosed provider, the justification has to demonstrate real need. Some examples of "real need" would be:

You're a reseller

You have multiple WAN edge appliances (firewall, VPN, etc.)

You have production websites/services that are dependent on a certain port

This is simply an arbitrary constraint dictated by the rules & resources of your provider. Simple as that. Some providers have no issue granting more IPs. Others have more hoops to jump through. There is no one generic answer.